[
https://issues.apache.org/jira/browse/HBASE-17115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15672995#comment-15672995
]
Arshad Mohammad commented on HBASE-17115:
-----------------------------------------
Thanks [~apurtell] and [~jinghe] for the response.
# Currently service level authorization file is used only for RPC services, not
for web services
# yarn and history server are using their own admin.acl property for
authorizing the web URLs.
yarn.admin.acl
mapreduce.jobhistory.admin.acl
Reference:
{code}
/hadoop/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-common/src/main/java/org/apache/hadoop/mapreduce/v2/jobhistory/JHAdminConfig.java
(1 hit)
Line 52: public static final String JHS_ADMIN_ACL = MR_HISTORY_PREFIX +
"admin.acl";
/hadoop/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java
(1 hit)
Line 308: YARN_PREFIX + "admin.acl";
{code}
# This jira is only for handling the authorization in web URLs, authentication
is already present.
I think the web url authorization should be done the same way as being done in
yarn and history server.
any other thoughts?
> HMaster/HRegion Info Server does not honour admin.acl
> -----------------------------------------------------
>
> Key: HBASE-17115
> URL: https://issues.apache.org/jira/browse/HBASE-17115
> Project: HBase
> Issue Type: Bug
> Reporter: Arshad Mohammad
>
> Currently there is no way to enable protected URLs like /jmx, /conf only
> for admins. This is applicable for both Master and RegionServer.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
